Lines Matching +full:firmware +full:- +full:initialised
1 // SPDX-License-Identifier: GPL-2.0-only
6 * https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
20 #include <linux/arm-smccc.h>
67 * - Mitigated in hardware and advertised by ID_AA64PFR0_EL1.CSV2.
68 * - Mitigated in hardware and listed in our "safe list".
69 * - Mitigated in software by firmware.
70 * - Mitigated in software by a CPU-specific dance in the kernel and a
71 * firmware call at EL2.
72 * - Vulnerable.
92 pr_info_once("spectre-v2 mitigation disabled by command line option\n"); in spectre_v2_mitigations_off()
184 atomic_t arm64_el2_vector_last_slot = ATOMIC_INIT(-1);
193 memcpy(dst + i, hyp_vecs_start, hyp_vecs_end - hyp_vecs_start); in __copy_hyp_vect_bpi()
201 int cpu, slot = -1; in install_bp_hardening_cb()
208 * the door when we're a guest. Skip the hyp-vectors work. in install_bp_hardening_cb()
223 if (slot == -1) { in install_bp_hardening_cb()
298 * Prefer a CPU-specific workaround if it exists. Note that we in spectre_v2_enable_fw_mitigation()
299 * still rely on firmware for the mitigation at EL2. in spectre_v2_enable_fw_mitigation()
325 * - Mitigated in hardware and listed in our "safe list".
326 * - Mitigated in hardware via PSTATE.SSBS.
327 * - Mitigated in software by firmware (sometimes referred to as SSBD).
332 * on a per-task basis, but can also be forced on for the kernel, necessitating
333 * both context-switch *and* entry/exit hooks. To make it even worse, some CPUs
335 * being stale when re-entering the kernel. The usual big.LITTLE caveats apply,
336 * so you can have systems that have both firmware and SSBS mitigations. This
339 * be opt-in for userspace. Yes, really, the cure is worse than the disease.
341 * The only good part is that if the firmware mitigation is present, then it is
343 * vulnerable CPU if one of the boot CPUs is using the firmware mitigation.
345 * Give me a VAX-11/780 any day of the week...
349 /* This is the per-cpu state tracking whether we need to talk to firmware */
364 { "force-on", SPECTRE_V4_POLICY_MITIGATION_ENABLED, },
365 { "force-off", SPECTRE_V4_POLICY_MITIGATION_DISABLED, },
373 return -EINVAL; in parse_spectre_v4_param()
378 if (strncmp(str, param->str, strlen(param->str))) in parse_spectre_v4_param()
381 __spectre_v4_policy = param->policy; in parse_spectre_v4_param()
385 return -EINVAL; in parse_spectre_v4_param()
402 pr_info_once("spectre-v4 mitigation disabled by command-line option\n"); in spectre_v4_mitigations_off()
504 regs->pstate |= PSR_SSBS_BIT; in ssbs_emulation_handler()
506 regs->pstate &= ~PSR_SSBS_BIT; in ssbs_emulation_handler()
545 /* SCTLR_EL1.DSSBS was initialised to 0 during boot */ in spectre_v4_enable_hw_mitigation()
551 * Patch a branch over the Spectre-v4 mitigation code with a NOP so that
552 * we fall through and check whether firmware needs to be called on this CPU.
558 BUG_ON(nr_inst != 1); /* Branch -> NOP */ in spectre_v4_patch_fw_mitigation_enable()
571 * Patch a NOP in the Spectre-v4 mitigation code with an SMC/HVC instruction
572 * to call into firmware to adjust the mitigation state.
580 BUG_ON(nr_inst != 1); /* NOP -> HVC/SMC */ in spectre_v4_patch_fw_mitigation_conduit()
635 regs->pstate |= bit; in __update_pstate_ssbs()
637 regs->pstate &= ~bit; in __update_pstate_ssbs()
643 bool ssbs = false, kthread = tsk->flags & PF_KTHREAD; in spectre_v4_enable_task_mitigation()
654 * The Spectre-v4 mitigation can be controlled via a prctl() from userspace.
681 * re-enabled. in ssbd_prctl_set()
684 return -EPERM; in ssbd_prctl_set()
688 * off and we again prevent it from being re-enabled. in ssbd_prctl_set()
691 return -EPERM; in ssbd_prctl_set()
702 return -EPERM; in ssbd_prctl_set()
710 return -EPERM; in ssbd_prctl_set()
723 return -EPERM; in ssbd_prctl_set()
730 return -ERANGE; in ssbd_prctl_set()
744 return -ENODEV; in arch_prctl_spec_ctrl_set()
787 return -ENODEV; in arch_prctl_spec_ctrl_get()